Hello RandomNickname,
Thanks for the feedback.
The option “Add the { "Bool": { "aws:SecureTransport": "false" } } condition in the S3 bucket policy” came from the AWS documentation to force HTTPS access to the bucket.
Basically, the Bucket policy will “Deny” all requests with a condition if the user is trying to access via HTTP only.
This is the whole bucket policy.
    {
      "Id": "ExamplePolicy",
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "AllowSSLRequestsOnly",
          "Action": "s3:*",
          "Effect": "Deny",
          "Resource": [
            "arn:aws:s3:::awsexamplebucket",
            "arn:aws:s3:::awsexamplebucket/*"
          ],
          "Condition": {
            "Bool": {
              "aws:SecureTransport": "false"
            }
          },
          "Principal": "*"
        }
      ]
    }

AWS also explains why { "Bool": { "aws:SecureTransport": "true" } } should be avoided.
Please refer to this link for a more in-depth explanation: https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/
Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam!
Regards,
Kenneth Samonte @ Tutorials Dojo
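
Added example, not part of the reply above and not AWS code: a simplified model of policy evaluation (explicit Deny wins, then any Allow, otherwise implicit deny) comparing the posted Deny on "false" with an Allow on "true". The second statement `OTHER_GRANT` and all function names are constructed for illustration; action and resource matching are not modelled.

```python
# Simplified model: explicit Deny wins, then any Allow, otherwise implicit deny.
# Only the Bool / aws:SecureTransport condition is evaluated; the request is
# assumed to be s3:GetObject on an object in the bucket.

def _matches(stmt, secure):
    cond = stmt.get("Condition", {}).get("Bool", {})
    if "aws:SecureTransport" not in cond:
        return True  # unconditional statement applies to HTTP and HTTPS alike
    return cond["aws:SecureTransport"].lower() == str(secure).lower()

def evaluate(policy, secure):
    effects = {s["Effect"] for s in policy["Statement"] if _matches(s, secure)}
    if "Deny" in effects:
        return "Deny"
    return "Allow" if "Allow" in effects else "ImplicitDeny"

# Bucket ARNs as given in the posted policy.
RES = ["arn:aws:s3:::awsexamplebucket", "arn:aws:s3:::awsexamplebucket/*"]

def tls_stmt(effect, value):
    return {"Effect": effect, "Principal": "*", "Action": "s3:*",
            "Resource": RES,
            "Condition": {"Bool": {"aws:SecureTransport": value}}}

# Constructed: an unrelated grant with no transport condition,
# such as a public-read statement added later.
OTHER_GRANT = {"Effect": "Allow", "Principal": "*",
               "Action": "s3:GetObject", "Resource": RES[1]}

deny_on_false = {"Version": "2012-10-17",
                 "Statement": [tls_stmt("Deny", "false"), OTHER_GRANT]}
allow_on_true = {"Version": "2012-10-17",
                 "Statement": [tls_stmt("Allow", "true"), OTHER_GRANT]}

def compare():
    policies = (("deny_on_false", deny_on_false),
                ("allow_on_true", allow_on_true))
    return {name: {"http": evaluate(p, False), "https": evaluate(p, True)}
            for name, p in policies}

if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

With the Deny on "false", the HTTP request is refused even though another statement grants it; with the Allow on "true", the same HTTP request still succeeds through the other grant.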